Analyzing FLUX#CONSOLE: Using Tax-Themed Lures, Threat Actors Exploit Windows Management Console to Deliver Backdoor Payloads

Dec. 18, 2024, 5:37 p.m.

Description

The FLUX#CONSOLE campaign is a tax-themed phishing operation that abuses Microsoft Management Console (.msc) files to deliver a backdoor. Tax-related lures persuade the recipient to open an .msc attachment; because these files are normally used for administrative consoles and are opened by mmc.exe, they do not look like an executable to the user. The console file carries obfuscated JavaScript, whose execution leads to a malicious DLL (DismCore.dll) being loaded through DLL sideloading. The payload is wrapped in several layers of encoding and encryption to evade static detection, persistence is established with a scheduled task, and the implant communicates with a command-and-control server and can exfiltrate data from the infected host.
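The description above gives a practitioner two handles for triage: the .msc file is XML (root element MMC_ConsoleFile) that should never carry script or URLs, and the payload hides behind nested encoding layers. The following Python scanner is an added example written for this summary, not Securonix tooling and not a sample from the campaign. It parses an .msc file, recursively unwraps base64 blobs it finds in any attribute or text node, flags script and network tokens (the token list is the author's assumption, not taken from the report), and checks the file hash and any embedded hostname against the indicators listed on this page. The two .msc inputs are constructed for the example; the "malicious" one embeds a harmless stand-in string rather than the real loader.

```python
"""Static triage for Microsoft Management Console (.msc) files.

Added example for this summary: a heuristic scanner, not Securonix tooling and
not code from the FLUX#CONSOLE campaign. It parses the .msc XML, peels nested
base64 layers, flags script/network tokens, and matches the file hash and any
embedded domain against the indicators on this page. Inputs are constructed.
"""
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

# Indicators copied from this page (SHA-256 hashes and one domain).
KNOWN_HASHES = {
    "f6c435a9a63bdef0517d60b6932cb05a8af3b29fc76abafc5542f99070db1e77",
    "b33d76c413ef0f4c48a8a61cfeb5e24ff465bbc6b70bf0cada2bb44299a2768f",
    "b3b2d915f47aa631cc4900ec56f9b833e84d20e850d78f42f78ad80eb362b8fc",
    "5756f6998e14df4dd09f92b9716cffa5cd996d961b41b82c066f5f51c037a62f",
}
KNOWN_DOMAINS = {"siasat.top"}

# Heuristic tokens (assumed, not from the page) that indicate embedded script
# or a network fetch; none of them belong in a benign administrative console.
SUSPICIOUS_TOKENS = (
    "<script", "javascript:", "vbscript:", "activexobject", "wscript.shell",
    "eval(", "unescape(", "string.fromcharcode", "http://", "https://",
)

# Runs long enough to be a real base64 payload rather than a GUID or a name.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def _layers(text, depth=3):
    """Yield `text` and every base64 payload nested inside it, up to `depth` deep."""
    yield text
    if depth == 0:
        return
    for match in B64_RUN.finditer(text):
        try:
            decoded = base64.b64decode(match.group(0), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        yield from _layers(decoded.decode("utf-8", "ignore"), depth - 1)


def triage_msc(data):
    """Return a findings dict for one .msc file given its raw bytes."""
    findings = {
        "sha256": hashlib.sha256(data).hexdigest(),
        "is_msc": False,
        "tokens": set(),
        "known_domains": set(),
    }
    findings["known_hash"] = findings["sha256"] in KNOWN_HASHES
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        root = None
    if root is not None:
        findings["is_msc"] = root.tag == "MMC_ConsoleFile"
        # Any attribute value or text node can carry a payload; scan them all,
        # including whatever base64 layers they unwrap to.
        chunks = []
        for el in root.iter():
            chunks.extend(el.attrib.values())
            if el.text:
                chunks.append(el.text)
        for chunk in chunks:
            for layer in _layers(chunk):
                low = layer.lower()
                findings["tokens"].update(t for t in SUSPICIOUS_TOKENS if t in low)
                findings["known_domains"].update(d for d in KNOWN_DOMAINS if d in low)
    hit = findings["known_hash"] or findings["tokens"] or findings["known_domains"]
    findings["verdict"] = "suspicious" if hit else "clean"
    return findings


def _b64(text):
    return base64.b64encode(text.encode()).decode()


# Constructed, non-functional stand-in for an embedded loader script; the
# hostname is the domain from this page's indicator list.
CONSTRUCTED_JS = ('var sh = new ActiveXObject("WScript.Shell"); '
                  'var c2 = "https://siasat.top"; eval(unescape(p));')
# Two base64 layers, mirroring the multi-layer encoding the summary describes.
CONSTRUCTED_BLOB = _b64(_b64(CONSTRUCTED_JS))

# Constructed minimal console file; the string table is where the payload sits.
MSC_TEMPLATE = """<?xml version="1.0"?>
<MMC_ConsoleFile ConsoleVersion="3.0" ProgramMode="Author">
  <StringTables>
    <StringTable>
      <Strings>
        <String ID="1" Refs="1">Tax Document Viewer</String>
        <String ID="2" Refs="1">{payload}</String>
      </Strings>
    </StringTable>
  </StringTables>
</MMC_ConsoleFile>
"""
CLEAN_MSC = MSC_TEMPLATE.format(payload="Console Root").encode()
SUSPICIOUS_MSC = MSC_TEMPLATE.format(payload=CONSTRUCTED_BLOB).encode()

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_MSC), ("suspicious", SUSPICIOUS_MSC)):
        f = triage_msc(blob)
        print(f"{name}: {f['verdict']} tokens={sorted(f['tokens'])} "
              f"domains={sorted(f['known_domains'])}")
```

Run it against a directory of .msc attachments pulled from the mail gateway; a hit on `is_msc` plus any token is worth a sandbox run even when the hash is not on the indicator list, since the hashes above will not survive a re-obfuscation of the loader while the XML structure and the nested-encoding habit tend to.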

Date

  • Created: Dec. 18, 2024, 5:16 p.m.
  • Published: Dec. 18, 2024, 5:16 p.m.
  • Modified: Dec. 18, 2024, 5:37 p.m.

Indicators

  • f6c435a9a63bdef0517d60b6932cb05a8af3b29fc76abafc5542f99070db1e77 (SHA-256)
  • b33d76c413ef0f4c48a8a61cfeb5e24ff465bbc6b70bf0cada2bb44299a2768f (SHA-256)
  • b3b2d915f47aa631cc4900ec56f9b833e84d20e850d78f42f78ad80eb362b8fc (SHA-256)
  • 5756f6998e14df4dd09f92b9716cffa5cd996d961b41b82c066f5f51c037a62f (SHA-256)
  • siasat.top (domain)

Attack Patterns

  • T1053.005 Scheduled Task/Job: Scheduled Task
  • T1572 Protocol Tunneling
  • T1071.001 Application Layer Protocol: Web Protocols
  • T1204.002 User Execution: Malicious File
  • T1574.001 Hijack Execution Flow: DLL Search Order Hijacking
  • T1218 System Binary Proxy Execution
  • T1566.001 Phishing: Spearphishing Attachment
  • T1036 Masquerading
  • T1132 Data Encoding
  • T1027 Obfuscated Files or Information
  • T1041 Exfiltration Over C2 Channel
  • T1059 Command and Scripting Interpreter

Additional Information

  • Government
  • Pakistan